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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 

- ,f No'period for reply is specified above the max,™ (35 U.S.C. § 1 33). 
earned patent term adjustment See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 31 October 2003. 
2a)D This action is FINAL. 2b)E This action is non-final. 

3) D Since this application is in condition for allowance except formal matters prosecutor . as to the merits ,s 
closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1^24 is/are pending in the application 

4a) Of the above claim(s) 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1J4 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 
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DETAILED ACTION 



Claim Rejections - 35 USC § 103 



1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1 - 24 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Schneider et al (U.S. 6,105,027) in view of Ross et al (U.S. 6,643,648). 

♦ As per claim 1, 9, 17, 

Schneider discloses a system for control access data in a database comprising: 

- A requestor or user is requesting access to data in database (See Fig. 1 ). The 
requestor can be any type of user. It can be a database administrator, an owner 
of the file, or a user with access right (Col. 10 line 7 - 9). 

- "The requesting access to data" See col. 2 line 11-12 

- "Determining if the object is a sensitive object that is associated with security 
functions". Schneider teaches that in order to access to the object, it must 
determine the sensitivity level of the information (Col. 15 line 38-49), and the 
sensitivity level of a resource is simply a value. The greater the need to protect 
the information resource, the higher its sensitivity level (Col. 9 line 12-16). 

- "The object" corresponds to the "resource" in fig. 14 - 1 5, where the "resource" 
can include "the resource's sensitive level, a description of the resource,., a 
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hidden flag which indicates whether Intramap should display the resource to 
users" (Col. 29 lines 63 - col. 30 lines 5). 

- "If the object is not a sensitive object, and if the command is received from a 
normal database administrator... allowing the administrative function to proceed" 
See col. 9 line 3- 11. 

- "If the object is a sensitive object, and if the command is received from a normal 
system administrator, disallowing the administrative function" See col. 9 line 3 - 
1 1 . Fig. 6 provides the requirements for access certain type of data (Col. 18 line 
1 - col. 19 line 45). 

Schneider does not clearly disclose "the sensitive object is encrypted in the database 
system". However, Ross discloses a secure limited access database system that 
includes sensitive data. The user or customer does not want the database designer to 
view of possess the sensitive data (col. 8 lines 55 - 58, Ross). Therefore, Ross 
discloses a method of encrypt the records at some arbitrarily chosen (col. 7 lines 41 - 
50, Ross). Since both inventions, Schneider and Ross, are in the same field, it would 
have been obvious to one with ordinary skill in the art at the time the invention was 
made to apply the teaching of Ross into the system of Schneider, because the 
combination would provide more security in access object in the database (lines 52 - 
55, 61 - 64, Ross). 

♦ As per claim 2, 10, 18, Schneider discloses: 

- "A request to perform an operation" corresponds to "a command to perform an 
administrative function" See Fig. 19, col. 35 line 49 - 52. 
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♦ As per claim 3 - 5, 11 - 13, 19-21, Schneider discloses: 

Schneider teaches that the user must use the encryption key, which associated 
with the message, to decrypt the message (Col. 10 line 29 - 37). Therefore, the 
encryption key is stored along with a table containing the data item. 

♦ As per claim 6, 14, 22, Schneider discloses: 

- "A sensitive table containing sensitive data in the database system" See Fig. 6. 
Fig. 6 is a table used in defining the relationship between sensitivity levels and 

authentication and encryption techniques. This table represents the requirements for a 
sensitive user of the database system in order to gain access to sensitive data. 

♦ As per claim 7, 15, 23, Schneider discloses: 

- "Allowing the security officer to perform the administrative function". As stated in 
Col. 13 line 61 - 63, an administrator that has control a certain level of resources 
tree also controls all lower levels. Therefore, if a "security officer" holding a top 
secret level as shown in Fig. 6, this officer definitely can access lower level such 
as public level where object is not a sensitive object. 

♦ As per claim 8, 16, 24, Schneider discloses: 

Schneider teaches about how to protect a sensitive data stored in the database. 
Therefore, the database must include a number of sensitive data items, and only 
specific sensitive users are allowed to access a given data item as shown in Fig. 6. 



3. Applicant's arguments with respect to claims 1 - 24 have been considered but are 
moot in view of the new ground(s) of rejection. 



Response to Arguments 
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Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

- O'Flaherty et al (U.S. 6,275,824) discloses a system and method for managing 
data privacy in a database management system. 

- Basso, Jr. et al (U.S. 6,131 ,090) discloses a method and system for providing 
controlled access to information stored on a portable recording medium. 

- Ulf Dahl (U.S. 6,321 ,201 ) discloses a data security system for database having 
multiple encryption levels applicable on a data element value level. 

- Ralph F. Conley (U.S. 5,894,521 ) discloses a system and method for encrypting 
sensitive information. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Cam-Linh T. Nguyen whose telephone number is 703- 
305- 1951. The examiner can normally be reached on Monday- Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Safet Metjahic can be reached on 703-308-1436. The fax phone number for 
the organization where this application or proceeding is assigned is 703- 746- 7239. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703- 305- 
3900. 
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